2011 | OriginalPaper | Buchkapitel
Cryptanalysis of the RSA Subgroup Assumption from TCC 2005
verfasst von : Jean-Sébastien Coron, Antoine Joux, Avradip Mandal, David Naccache, Mehdi Tibouchi
Erschienen in: Public Key Cryptography – PKC 2011
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
At TCC 2005, Groth underlined the usefulness of working in small RSA subgroups of hidden order. In assessing the security of the relevant hard problems, however, the best attack considered for a subgroup of size 2
2ℓ
had a complexity of
O
(2
ℓ
). Accordingly, ℓ= 100 bits was suggested as a concrete parameter.
This paper exhibits an attack with a complexity of roughly 2
ℓ/2
operations, suggesting that Groth’s original choice of parameters was overly aggressive. It also discusses the practicality of this new attack and various implementation issues.